The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reported 38 March healthcare breaches, affecting 828,921 patients. Of the reported incidents, there were 19 breaches due to hacking/IT incidents, 9 breaches from the unauthorized access/disclosure of protected health information (PHI), 6 breaches due to theft, and 2 breaches due to loss.

March healthcare breachesIs your organization secure? Find out now with our HIPAA compliance checklist.

March Healthcare Breaches: Hacking/IT Incidents

The majority of March healthcare breaches occurred as a result of hacking/IT incidents, accounting for 94.4% of the total number of patients affected for the month. The 19 incidents affected 782,407 patients. The following chart provides a breakdown of the nature of the hacking/IT incidents.

March Healthcare Breaches: Hacking/IT Incidents

Is your organization secure? Download the free cybersecurity eBook to get tips on how to protect your patient information.

Email Hacks Affected 485,219

  • Confidio, LLC: affected 3,600 patients
  • Washington University School of Medicine: affected 14,795 patients
  • University of Minnesota Physicians: affected 683 patients
  • Ambry Genetics Corporation: affected 232,772 patients
  • University of Utah: affected 3,670 patients
  • Golden Valley Health Centers: affected 39,700 patients
  • Otis R. Bowen Center for Human Services: affected 35,804 patients
  • Lifesprk: affected 9,000 patients
  • Tandem Diabetes Care, Inc.: affected 140,781 patients
  • Lakewood Health System: affected 1,415 patients
  • Foundation Medicine, Inc.: affected 2,999 patients

Network Server Hacks Affected 84,663

  • Affordacare Urgent Care Clinics: affected 57,411 patients
  • Crossroads Technologies, Inc.: affected 897 patients
  • Augusta Foot & Ankle, P.C.: affected 4,854 patients
  • Randleman Eye Center: affected 19,556 patients
  • The Prudential Insurance Company of America: affected 1,945 patients

Desktop Hacks Affected 10,700

  • Stockdale Radiology: affected 10,700 patients

Other Hacks Affected 201,825

  • Brandywine Urology Consultants, PA: affected 131,825 patients
  • Stephan C Dean: affected 70,000 patients

March Healthcare Breaches: Unauthorized Access/Disclosures

Incidents of unauthorized access/disclosures represented 1.8% of March healthcare breaches. The 9 incidents affected 15,071 patients, the following chart depicts the nature of the incidents.

March Healthcare Breaches: Unauthorized Access/DisclosuresAvoid HIPAA fines by becoming HIPAA compliant today!

Email Unauthorized Access/Disclosures Affected 2,843

  • Tryon Medical Partners, PLLC: affected 701 patients 
  • Health Care Service Corporation: affected 575 patients
  • Virginia Department of Behavioral Health and Developmental Services: affected 657 patients
  • NeoGenomics Laboratories, Inc.: affected 910 patients

Network Server Unauthorized Access/Disclosures Affected 3,448

  • Torrance Memorial Medical Center: affected 3,448 patients

Paper/FIlms Unauthorized Access/Disclosures Affected 1,614

  • VA Sierra Nevada Health Care System: affected 702 patients
  • TriHealth Cancer Institute: affected 912 patients

Electronic Medical Record Unauthorized Access/Disclosures Affected 3,772

  • Hawaii Pacific Health: affected 3,772 patients

Other Unauthorized Access/Disclosures Affected 3,394

  • Allegheny County, PA: affected 3,394 patients

March Healthcare Breaches: Theft/Loss

Theft of protected health information (PHI) represented 3.6% of the total patients affected by March healthcare breaches. There were 6 incidents of theft in March, affecting 30,107 patients. The following chart provides a breakdown of the nature of theft incidents in March.

March Healthcare Breaches: Theft
Email Theft Affected 730 

  • Renew Wellness Center, PLLC: affected 730 patients
  • Network Server Theft Affected 3,190 
  • David S Daley, DMD: affected 1,000 patients
  • Hao Rong DDS Inc dba Genuine Care Dental: affected 2,190 patients

Laptop Theft Affected 23,394

  • North Texas Institute of Neurology and Headache: affected 500 patients
  • OneDigital Health and Benefits: affected 22,894 patients

Other Theft Affected 2,793

  • Elk Ridge Dentistry: affected 2,793 patients

There were two incidents of loss of PHI, representing 0.2% of March healthcare breaches, affecting 1,336 patients. Both incidents involved the loss of paper/films.

  • Georgia Department of Human Services: affected 500 patients
  • Hawaii Pacific Health: affected 836 patients